Learn. Practice. Achieve @ CCIEin8Weeks · Learn. Practice. Achieve @ CCIEin8Weeks.com FULL GUIDE HAS 400+ PAGES All-in-One CCIE Routing and Switching V5.1 400-101 Written Exam Cert

Learn. Practice. Achieve @ CCIEin8Weeks.com

FULL GUIDE HAS 400+ PAGES

All-in-One CCIE Routing and Switching V5.1

400-101 Written Exam Cert Guide

for CCNP and CCNA Professionals

2nd Edition

Contents at a Glance

Part 1 Network Principles

Chapter 1: Network Theory

Chapter 2: Network Implementation and Operation

Chapter 3: Network Troubleshooting

Part 2 Layer 2 Technologies

Chapter 4: LAN Switching Technologies

Chapter 5: Layer 2 Multicast

Chapter 6: Layer 2 WAN Circuit Technologies

Part 3 Layer 3 Technologies

Chapter 7: Addressing Technologies

Chapter 8: Layer 3 Multicast

Chapter 9: Fundamental Routing Concepts

Chapter 10: RIPv2 (IPv4/IPv6)

Chapter 11: EIGRP (IPv4/IPv6)

Chapter 12: OSPF (v2, v3)

Chapter 13: BGP

Chapter 14: ISIS (IPv4/IPv6)

Part 4 VPN Technologies

Chapter 15: Tunneling

Chapter 16: Encryption

Part 5 Infrastructure Security

Chapter 17: Device Security

Chapter 18: Network Security

Part 6 Infrastructure Services

Chapter 19: System Management

Chapter 20: Quality of Service

Chapter 21: Network Services

Chapter 22: Network Optimization

Part 7 Evolving Technologies V1.1

Chapter 23: Cloud

Chapter 24: Network Programmability

Chapter 25: Internet of Things (IoT)

Table of Contents

Preface

What this Exam Cert Guide covers

How to use this Exam Cert Guide

What's available on the CCIEin8Weeks website

Part 1 Network Principles

Chapter 1: Network Theory

Describe basic software architecture differences between IOS and IOS XE

Table 1-1, shows functions of Cisco IOS XE Software Subpackages

Control plane and Forwarding plane

Table 1-2, compares classic IOS ("IOS") and IOS XE architectures

Impact to troubleshooting and performances

Table 1-3, shows comparison of troubleshooting differences between classic IOS ("IOS") and IOS XE

Identify Cisco express forwarding concepts

RIB, FIB, LFIB, Adjacency table

Routing Information Base (RIB)

Forwarding Information Base (FIB)

Label Information Base (LIB)

Adjacency Tables

Load balancing Hash

Per-Destination load balancing

Per-Packet load balancing

Polarization concept and avoidance

Explain general network challenges

Unicast flooding

Asymmetric Routing

Spanning-Tree Protocol Topology Changes

Forwarding Table Overflow

Out of order packets

Impact of micro burst

Explain IP operations

ICMP unreachable, redirect

IPv4 options, IPv6 extension headers

Table 1-5, shows IP header options and their description

Table 1-6, IPv6 Extension Headers and their Recommended Order in a Packet

IPv4 and IPv6 fragmentation

TTL

IP MTU

Explain TCP operations

IPv4 and IPv6 PMTU

Latency

Windowing

Bandwidth delay product

Global synchronization

Options

Options have up to three fields:

Explain UDP operations

Starvation

Latency

RTP/RTCP concepts

Exam Essentials

Chapter 2: Network Implementation and Operation

Evaluate proposed changes to a network

Changes to routing protocol parameters

Migrate parts of a network to IPv6

Routing protocol migration

Further Reading

Adding multicast support

Further Reading

Migrate spanning tree protocol

PVST+ to MST Migration

STP to RSTP (802.1w) or MSTP (802.1s)

Configuration Steps:

Further Reading

Evaluate impact of new traffic on existing QoS design

Exam Essentials

Chapter 3: Network Troubleshooting

Use IOS troubleshooting tools

Further Reading

Debug, conditional debug

Ping, traceroute with extended options

Further Reading

Embedded packet capture

Further Reading

Performance monitor

Further Reading

Apply troubleshooting methodologies

Further Reading

Interpret packet capture

Using Wireshark trace analyzer

Further Reading

Using IOS Embedded Packet Capture (EPC)

Basic EPC Configuration

Further Reading

Exam Essentials

Part 2 Layer 2 Technologies

Chapter 4: LAN Switching Technologies

Implement and troubleshoot switch administration

Managing MAC address table

Further Reading

Errdisable recovery

Further Reading

L2 MTU

Implement and troubleshoot layer 2 protocols

CDP, LLDP

Further Reading

UDLD

Further Reading

Implement and troubleshoot VLAN

Access ports

VLAN database

Normal, extended VLAN, voice VLAN

Table 4-1, shows various default VLANs and the respective L2 protocols

Implement and troubleshoot trunking

VTPv1, VTPv2, VTPv3, VTP pruning

Table 4-2, summarizes different VTP versions and their limitations

Dot1Q

Native VLAN

Manual pruning

Implement and troubleshoot EtherChannel

Further Reading

LACP, PAgP, manual

Further Reading

Layer 2, layer 3, Load-balancing

Table 4-3, shows various platforms and the load balancing options that are available

Further Reading

Etherchannel misconfiguration guard

Implement and troubleshoot spanning-tree

Further Reading

PVST+/RPVST+/MST

Table 4-4, summarizes different STP versions and their limitations

Further Reading

Switch priority, port priority, path cost, STP timers

Further Reading

Port Fast, BPDUguard, BPDUfilter

Loop Guard, Root Guard

Further Reading

Implement and troubleshoot other LAN switching technologies

SPAN, RSPAN, ERSPAN

Further Reading

Describe chassis virtualization and aggregation technologies

Multi-chassis

Further Reading

VSS concepts

Alternative to STP

Further Reading

StackWise

Table 4-5, shows rules and their respective priority order

Excluding specific platform implementation

Describe spanning-tree concepts

Further Reading

Compatibility between MST and RSTP

Further Reading

STP dispute, STP bridge assurance

Further Reading

Exam Essentials

Chapter 5: Layer 2 Multicast

Implement and troubleshoot IGMP

Further Reading

IGMPv1, IGMPv2, IGMPv3

Table 5-1, shows IGMPv2 intervals and their default values

Further Reading

IGMP Snooping

IGMP Querier

Further Reading

IGMP Filter

Further Reading

IGMP proxy

Further Reading

Explain MLD

MLD Versions

Explain PIM Snooping

PIM Snooping Configuration Guidelines and Restrictions

Further Reading

Exam Essentials

Chapter 6: Layer 2 WAN Circuit Technologies

Implement and troubleshoot HDLC

Implement and troubleshoot PPP

Authentication (PAP, CHAP)

PPPoE

MLPPP

Multilink PPP Bundles and PPP Links

Describe WAN rate-based Ethernet circuits

Further Reading

Metro and WAN Ethernet topologies

Table 6-1, shows breakdown of metro ethernet services into port or VLAN based categories

Use of rate-limited WAN Ethernet services

Ethernet Private Line (EPL)

Ethernet Virtual Private Line (EVPL)

Further Reading

Exam Essentials

Part 3 Layer 3 Technologies

Chapter 7: Addressing Technologies

Address types, VLSM

Further Reading

ARP

Further Reading

Identify, implement and troubleshoot IPv6 addressing and subnetting

Unicast, multicast

Table 7-1, shows various IPv6 address types and respective formats

Further Reading

EUI-64

ND, RS/RA

Router Solicitation

Further Reading

Autoconfig/SLAAC, temporary addresses (RFC 4941)

Global prefix configuration feature

Further Reading

DHCP protocol operations

DHCP Server Function

Table 7-2, shows various DHCP messages and their intended use

Client Function

Further Reading .................................................................................................................................. 114

SLAAC/DHCPv6 interaction .............................................................................................................. 114

Stateful, Stateless DHCPv6 .............................................................................................................. 115

DHCPv6 prefix delegation ................................................................................................................. 115

Exam Essentials .................................................................................................................................. 116

Chapter 8: Layer 3 Multicast ............................................................................................................. 118

Troubleshoot reverse path forwarding ............................................................................................. 118

RPF failure ........................................................................................................................................... 118

RPF failure with tunnel interface ....................................................................................................... 118

Further Reading .................................................................................................................................. 118

Implement and troubleshoot IPv4 protocol independent multicast ............................................. 118

PIM dense mode, sparse mode, sparse-dense mode .................................................................. 119

Static RP, auto-RP, BSR ................................................................................................................... 120

Further Reading .................................................................................................................................. 120

Bidirectional PIM ................................................................................................................................. 121

Further Reading .................................................................................................................................. 121

Source-specific multicast ................................................................................................................... 121

Further Reading .................................................................................................................................. 122

Group to RP mapping ......................................................................................................................... 122

Table 8-1, shows various mechanisms for disseminating RP information ................................ 122

Further Reading .................................................................................................................................. 122

Multicast boundary .............................................................................................................................. 123

Further Reading .................................................................................................................................. 123

Implement and troubleshoot multicast source discovery protocol .............................................. 123

Intra-domain MSDP (anycast RP) .................................................................................................... 123

SA filter ................................................................................................................................................. 124

Further Reading .................................................................................................................................. 124

Describe IPv6 multicast...................................................................................................................... 124

IPv6 multicast addresses ................................................................................................................... 124

Table 8-2, shows IPv6 multicast address format ........................................................................... 125

PIMv6 .................................................................................................................................................... 125

Exam Essentials .................................................................................................................................. 125

Chapter 9: Fundamental Routing Concepts ................................................................................... 127

Implement and troubleshoot static routing ...................................................................................... 127

Implement and troubleshoot default routing ................................................................................... 127

Compare routing protocol types........................................................................................................ 128

Distance vector .................................................................................................................................... 128

Further Reading .................................................................................................................................. 128

Link state .............................................................................................................................................. 128

Further Reading .................................................................................................................................. 128

Path vector ........................................................................................................................................... 128

Implement, optimize and troubleshoot administrative distance ................................................... 129

Implement and troubleshoot passive interface ............................................................................... 129

Implement and troubleshoot VRF lite .............................................................................................. 129

Implement, optimize and troubleshoot filtering with any routing protocol .................................. 130

Implement, optimize and troubleshoot redistribution between any routing protocol ................ 131

Distance Vector Protocols ................................................................................................................. 131

Link State Protocols ............................................................................................................................ 133

Further Reading .................................................................................................................................. 133

Implement, optimize and troubleshoot manual and auto summarization with any routing protocol ........ 133

Implement, optimize and troubleshoot policy-based routing ........................................................ 134

Further Reading .................................................................................................................................. 134

Identify and troubleshoot sub-optimal routing ................................................................................ 134

Implement and troubleshoot bidirectional forwarding detection .................................................. 135

Implement and troubleshoot loop prevention mechanisms .......................................................... 135

Route tagging, filtering ....................................................................................................................... 136

Implement and troubleshoot routing protocol authentication ....................................................... 137

MD5 ....................................................................................................................................................... 137

OSPF Authentication .......................................................................................................................... 137

RIP and EIGRP ................................................................................................................................... 137

Further Reading .................................................................................................................................. 138

Key-chain.............................................................................................................................................. 138

EIGRP HMAC SHA2-256 bit ............................................................................................................. 138

Configuration Steps ............................................................................................................................ 139

Further Reading .................................................................................................................................. 139

OSPFv2 SHA1-196bit ........................................................................................................................ 139

OSPFv3 IPsec authentication ........................................................................................................... 140

Further Reading .................................................................................................................................. 141

Exam Essentials .................................................................................................................................. 141

Chapter 10: RIPv2 (IPv4/IPv6).......................................................................................................... 144

Implement and troubleshoot RIPv2 .................................................................................................. 144

Further Reading .................................................................................................................................. 144

Describe RIPv6 (RIPng) ..................................................................................................................... 144

Further Reading .................................................................................................................................. 144

Exam Essentials .................................................................................................................................. 144

Chapter 11: EIGRP (IPv4/IPv6) ........................................................................................................ 147

Describe packet types ........................................................................................................................ 147

Packet types (hello, query, update, and such) ............................................................................... 147

Further Reading .................................................................................................................................. 148

Route types (internal, external) ......................................................................................................... 148

Implement and troubleshoot neighbor relationship........................................................................ 149

Multicast, unicast EIGRP peering ..................................................................................................... 149

Further Reading .................................................................................................................................. 149

OTP point-to-point peering ................................................................................................................ 149

OTP route-reflector peering ............................................................................................................... 150

OTP multiple service providers scenario ......................................................................................... 150

Further Reading .................................................................................................................................. 151

Implement and troubleshoot loop free path selection ................................................................... 151

RD, FD, FC, successor, feasible successor ................................................................................... 151

Further Reading .................................................................................................................................. 152

Classic metric ...................................................................................................................................... 152

Wide metric .......................................................................................................................................... 152

Implement and troubleshoot operations .......................................................................................... 152

Topology table, update, query, active, passive .............................................................................. 153

Further Reading .................................................................................................................................. 154

Stuck in active...................................................................................................................................... 154

Graceful shutdown .............................................................................................................................. 155

Implement and troubleshoot EIGRP stub........................................................................................ 155

Stub ....................................................................................................................................................... 155

Leak-map.............................................................................................................................................. 156

Further Reading .................................................................................................................................. 156

Implement and troubleshoot load-balancing ................................................................................... 156

Equal-cost ............................................................................................................................................ 156

Unequal-cost ........................................................................................................................................ 156

Add-path ............................................................................................................................................... 156

Implement EIGRP (multi-address) named mode ........................................................................... 157

Types of families ................................................................................................................................. 157

IPv4 address-family ............................................................................................................................ 157

IPv6 address-family ............................................................................................................................ 157

Implement, troubleshoot and optimize EIGRP convergence and scalability ............................. 157

Describe fast convergence requirements........................................................................................ 157

Further Reading .................................................................................................................................. 158

Control query boundaries .................................................................................................................. 158

IP FRR/fast reroute (single hop) ....................................................................................................... 159

Summary leak-map and metric ......................................................................................................... 159

Exam Essentials .................................................................................................................................. 159

Chapter 12: OSPF (v2 and v3) ......................................................................................................... 163

Describe packet types ........................................................................................................................ 163

LSA types (1, 2, 3, 4, 5, 7, 9, 10) ...................................................................................................... 163

Table 12-1 summarizes various LSA types and their description ............................................... 163

Table 12-2, shows various OSPF network types and traffic that are allowed ........................... 164

Route types (N1, N2, E1, E2)............................................................................................................ 165

Implement and troubleshoot neighbor relationship........................................................................ 165

Further Reading .................................................................................................................................. 167

Implement and troubleshoot OSPFv3 address-family support .................................................... 168

Configuration Steps ............................................................................................................................ 168

Verification Steps ................................................................................................................................ 168

Further Reading .................................................................................................................................. 169

IPv4/v6 address-family ....................................................................................................................... 169

Implement and troubleshoot network types, area types and router types ................................. 171

Point-to-point, multipoint, broadcast, non-broadcast ..................................................................... 171

Point-to-Point Sub-interfaces ............................................................................................................ 171

Point-to-Multipoint Interfaces ............................................................................................................ 171

Broadcast Interfaces ........................................................................................................................... 171

Table 12-3, shows the various OSPF network types and their associated default set of timers ........ 171

LSA types, area type: backbone, normal, transit, stub, NSSA, totally stub ............................... 172

Table 12-4, shows the differences between the types of the OSPF areas. ............................. 172

Internal router, ABR, ASBR ............................................................................................................... 172

Virtual link ............................................................................................................................................. 173

Implement and troubleshoot path preference ................................................................................. 173

Further Reading .................................................................................................................................. 174

Implement and troubleshoot operations .......................................................................................... 174

General operations ............................................................................................................................. 174

Further Reading .................................................................................................................................. 174

Graceful shutdown .............................................................................................................................. 174

Generic TTL Security Mechanism (GTSM) ..................................................................................... 174

Further Reading .................................................................................................................................. 175

Implement, troubleshoot and optimize OSPF convergence and scalability .............................. 175

Metrics .................................................................................................................................................. 175

LSA throttling, SPF tuning, fast hello ............................................................................................... 176

LSA propagation control (area types, ISPF) ................................................................................... 178

IP FRR/fast reroute (single and multi hop)...................................................................................... 179

Further Reading .................................................................................................................................. 179

OSPFv3 prefix suppression ............................................................................................................... 179

Further Reading .................................................................................................................................. 180

Exam Essentials .................................................................................................................................. 180

Chapter 13: BGP ................................................................................................................................. 183

Describe, implement and troubleshoot peer relationships ........................................................... 183

Peer-group, template .......................................................................................................................... 183

Further Reading .................................................................................................................................. 184

Active, passive ..................................................................................................................................... 184

States, timers ....................................................................................................................................... 184

Dynamic neighbors ............................................................................................................................. 186

Implement and troubleshoot IBGP and EBGP ............................................................................... 187

EBGP, IBGP ........................................................................................................................................ 187

4-bytes AS number ............................................................................................................................. 187

Private AS ............................................................................................................................................ 188

Explain attributes and best-path selection ...................................................................................... 189

Further Reading .................................................................................................................................. 189

Implement, optimize and troubleshoot routing policies ................................................................. 189

Attribute manipulation ......................................................................................................................... 190

BGP Path Attributes............................................................................................................................ 190

Next-Hop Attribute .............................................................................................................................. 190

Local Preference Attribute ................................................................................................................. 190

Origin Attribute ..................................................................................................................................... 190

AS_Path Attribute................................................................................................................................ 191

MED Attribute ...................................................................................................................................... 191

Community Attribute ........................................................................................................................... 191

Atomic Aggregate and Aggregator Attributes ................................................................................. 191

Table 13-1, shows BGP attributes and the category they belong to .......................................... 192

Conditional advertisement ................................................................................................................. 192

Outbound route filtering...................................................................................................................... 193

Communities, extended communities .............................................................................................. 193

Multi-homing ........................................................................................................................................ 193

Implement and troubleshoot scalability ........................................................................................... 194

Route-reflector, cluster ....................................................................................................................... 194

Confederations .................................................................................................................................... 195

Further Reading .................................................................................................................................. 195

Aggregation, AS set ............................................................................................................................ 195

Impact of the Use of suppress-map with Other Configuration Commands ............................... 196

Further Reading .................................................................................................................................. 196

Implement and troubleshoot multiprotocol BGP ............................................................................ 196

IPv4, IPv6, VPN address-family........................................................................................................ 197

Further Reading .................................................................................................................................. 198

Implement and troubleshoot AS path manipulations ..................................................................... 198

Local AS, allow AS in, remove private AS ...................................................................................... 198

Prepend ................................................................................................................................................ 198

Regexp.................................................................................................................................................. 198

Table 13-2, shows various regular expressions and their description........................................ 198

Further Reading .................................................................................................................................. 199

Implement and troubleshoot other features .................................................................................... 199

Multipath ............................................................................................................................................... 199

BGP synchronization .......................................................................................................................... 199

Soft reconfiguration, route refresh .................................................................................................... 200

Describe BGP fast convergence features ....................................................................................... 200

Prefix independent convergence (PIC)............................................................................................ 200

Add-path ............................................................................................................................................... 201

Next-hop address tracking ................................................................................................................. 201

Exam Essentials .................................................................................................................................. 202

Chapter 14: ISIS (IPv4/IPv6) ............................................................................................................. 205

Describe basic ISIS network ............................................................................................................. 205

Single area, Single topology.............................................................................................................. 206

Describe neighbor relationship ......................................................................................................... 207

Table 14-1 describes the configuration steps to enable ISIS .................................................... 207

Further Reading .................................................................................................................................. 208

Describe network types, levels and router types ........................................................................... 208

Network Service Access Point (NSAP) addressing ....................................................................... 208

Further Reading .................................................................................................................................. 209

Point-to-point, broadcast .................................................................................................................... 209

Describe operations ............................................................................................................................ 209

Describe optimization features.......................................................................................................... 209

Metrics, wide metric ............................................................................................................................ 210

Exam Essentials .................................................................................................................................. 210

Part 4 VPN Technologies ...................................................................................................... 212

Chapter 15: Tunneling ............................................................................................................................... 214

Implement and troubleshoot MPLS operations .............................................................................. 214

Label stack, LSR, LSP ....................................................................................................................... 214

Further Reading .................................................................................................................................. 215

LDP........................................................................................................................................................ 215

Further Reading .................................................................................................................................. 216

MPLS ping, MPLS traceroute............................................................................................................ 216

Further Reading .................................................................................................................................. 217

Implement and troubleshoot basic MPLS L3VPN.......................................................................... 217

L3VPN, CE, PE, P .............................................................................................................................. 217

Extranet (route leaking) ...................................................................................................................... 218

Further Reading .................................................................................................................................. 218

Implement and troubleshoot encapsulation .................................................................................... 218

GRE ....................................................................................................................................................... 218

Dynamic GRE ...................................................................................................................................... 218

LISP encapsulation principles supporting EIGRP OTP ................................................................ 219

Control Plane ....................................................................................................................................... 220

Data Plane............................................................................................................................................ 220

How EIGRP Over the Top Works ..................................................................................................... 221

Further Reading .................................................................................................................................. 221

Implement and troubleshoot DMVPN (single hub) ........................................................................ 221

NHRP .................................................................................................................................................... 221

Further Reading .................................................................................................................................. 222

DMVPN with IPsec using pre-shared key ....................................................................................... 222

QoS profile ........................................................................................................................................... 228

Pre-classify ........................................................................................................................................... 230

Further Reading .................................................................................................................................. 230

Describe IPv6 tunneling techniques ................................................................................................. 231

6in4, 6to4 .............................................................................................................................................. 231

Further Reading .................................................................................................................................. 231

ISATAP ................................................................................................................................................. 231

6RD ....................................................................................................................................................... 232

6rd Basic Configuration Guidelines .................................................................................................. 232

Further Reading .................................................................................................................................. 234

6VPE ..................................................................................................................................................... 234

Further Reading .................................................................................................................................. 235

Describe basic layer 2 VPN — wireline ............................................................................................ 235

L2TPv3 general principles ................................................................................................................. 235

Further Reading .................................................................................................................................. 235

ATOM general principles ................................................................................................................... 235

Further Reading .................................................................................................................................. 236

Describe basic L2VPN — LAN services.......................................................................................... 236

MPLS-VPLS general principles ........................................................................................................ 236

Further Reading .................................................................................................................................. 237

OTV general principles ....................................................................................................................... 237

Table 15-1 shows the OTV entities/roles and their description ................................................... 238

Further Reading .................................................................................................................................. 239

Exam Essentials .................................................................................................................................. 239

Chapter 16: Encryption ...................................................................................................................... 242

Implement and troubleshoot IPsec with pre-shared key ............................................................... 242

IPv4 site to IPv4 site ........................................................................................................................... 242

Further Reading .................................................................................................................................. 243

IPv6 in IPv4 tunnels ............................................................................................................................ 243

Further Reading .................................................................................................................................. 244

Virtual tunneling Interface (VTI) ........................................................................................................ 244

Further Reading .................................................................................................................................. 246

Describe GET VPN ............................................................................................................................. 246

Group Member .................................................................................................................................... 246

Key Server............................................................................................................................................ 246

Communication Flow Between Key Servers and Group Members to Update IPsec SAs ....... 247

IPsec and ISAKMP Timers ................................................................................................................ 248

Further Reading .................................................................................................................................. 249

Exam Essentials .................................................................................................................................. 249

Part 5 Infrastructure Security ............................................................................................... 251

Chapter 17: Device Security.............................................................................................................. 253

Implement and troubleshoot IOS AAA using local database ....................................................... 253

Further Reading .................................................................................................................................. 253

Implement and troubleshoot device access control ...................................................................... 253

Lines (VTY, AUX, Console) ............................................................................................................... 253

Further Reading .................................................................................................................................. 255

SNMP .................................................................................................................................................... 255

Further Reading .................................................................................................................................. 256

Management plane protection .......................................................................................................... 256

Management Plane ............................................................................................................................. 256

Management Plane Protection Feature ........................................................................................... 257

Benefits of the Management Plane Protection Feature ................................................................ 258

Configuring a Device for Management Plane Protection.............................................................. 258

Prerequisites ........................................................................................................................................ 258

Configuration Steps ............................................................................................................................ 258

Further Reading .................................................................................................................................. 259

Password encryption .......................................................................................................................... 259

Further Reading .................................................................................................................................. 260

Implement and troubleshoot control plane policing ....................................................................... 260

Further Reading .................................................................................................................................. 261

Describe device security using IOS AAA with TACACS+ and RADIUS .................................... 261

AAA with TACACS+ and RADIUS ................................................................................................... 261

Local privilege authorization fallback ............................................................................................... 262

Exam Essentials .................................................................................................................................. 263

Chapter 18: Network Security ........................................................................................................... 265

Implement and troubleshoot switch security features ................................................................... 265

VACL, PACL ........................................................................................................................................ 265

Further Reading .................................................................................................................................. 266

Storm Control ....................................................................................................................................... 266

DHCP snooping ................................................................................................................................... 266

IP source-guard ................................................................................................................................... 267

Further Reading .................................................................................................................................. 267

Dynamic ARP inspection ................................................................................................................... 267

Port-security ......................................................................................................................................... 268

Private VLAN ....................................................................................................................................... 268

Implement and troubleshoot router security features .................................................................... 269

IPv4 access control lists (standard, extended, time-based) ......................................................... 269

Further Reading .................................................................................................................................. 272

IPv6 traffic filter .................................................................................................................................... 272

Further Reading .................................................................................................................................. 272

Unicast reverse path forwarding ....................................................................................................... 272

Implement and troubleshoot IPv6 first hop security ...................................................................... 273

RA guard .............................................................................................................................................. 273

Further Reading .................................................................................................................................. 273

DHCP guard ......................................................................................................................................... 273

Binding table ........................................................................................................................................ 274

Device tracking .................................................................................................................................... 274

ND inspection/snooping ..................................................................................................................... 274

Source guard ....................................................................................................................................... 275

PACL ..................................................................................................................................................... 275

Describe 802.1x .................................................................................................................................. 276

802.1x, EAP, RADIUS ........................................................................................................................ 276

Further Reading .................................................................................................................................. 277

MAC authentication bypass ............................................................................................................... 277

Further Reading .................................................................................................................................. 278

Exam Essentials .................................................................................................................................. 278

Part 6 Infrastructure Services ............................................................................................... 280

Chapter 19: System Management.................................................................................................... 282

Implement and troubleshoot device management ......................................................................... 282

Console and VTY ................................................................................................................................ 282

Telnet, HTTP, HTTPS, SSH, SCP ................................................................................................... 282

FTP, TFTP............................................................................................................................................ 282

Implement and troubleshoot SNMP ................................................................................................. 283

SNMP v2c, v3 ...................................................................................................................................... 283

Implement and troubleshoot logging ................................................................................................ 284

Local logging, syslog, debug, conditional debug ........................................................................... 284

Further Reading .................................................................................................................................. 285

Timestamp............................................................................................................................................ 285

Exam Essentials .................................................................................................................................. 285

Chapter 20: Quality of Service .......................................................................................................... 288

Implement and troubleshoot end-to-end QoS ................................................................................ 288

CoS and DSCP mapping ................................................................................................................... 288

Further Reading .................................................................................................................................. 289

Implement, optimize and troubleshoot QoS using MQC .............................................................. 289

Classification ........................................................................................................................................ 289

Network based application recognition (NBAR) ............................................................................. 290

Policing, shaping ................................................................................................................................. 291

Further Reading .................................................................................................................................. 292

Congestion management (queuing) ................................................................................................. 292

HQoS, sub-rate ethernet link ............................................................................................................. 293

Congestion avoidance (WRED) ........................................................................................................ 294

Further Reading .................................................................................................................................. 295

Describe layer 2 QoS ......................................................................................................................... 295

Further Reading .................................................................................................................................. 295

Queuing, scheduling ........................................................................................................................... 295

Exam Essentials .................................................................................................................................. 296

Chapter 21: Network Services .......................................................................................................... 298

Implement and troubleshoot first-hop redundancy protocols ....................................................... 298

HSRP, GLBP, VRRP .......................................................................................................................... 298

HSRP Addressing ............................................................................................................................... 299

HSRP Features ................................................................................................................................... 299

Preemption ........................................................................................................................................... 299

Preempt Delay ..................................................................................................................................... 300

Interface Tracking ............................................................................................................................... 300

Use Burned-In Address ...................................................................................................................... 301

Multiple HSRP Groups ....................................................................................................................... 301

Configurable MAC Address ............................................................................................................... 301

Authentication ...................................................................................................................................... 302

IP Redundancy .................................................................................................................................... 302

Restrictions for VRRP ........................................................................................................................ 302

VRRP Operation.................................................................................................................................. 303

VRRP Benefits ..................................................................................................................................... 303

Multiple Virtual Router Support ......................................................................................................... 305

VRRP Router Priority and Preemption ............................................................................................ 305

VRRP Advertisements........................................................................................................................ 306

VRRP Object Tracking ....................................................................................................................... 306

How VRRP Object Tracking Affects the Priority of a Device ....................................................... 307

GLBP Active Virtual Gateway ........................................................................................................... 308

GLBP Virtual MAC Address Assignment ........................................................................................ 308

GLBP Virtual Gateway Redundancy ................................................................................................ 308

GLBP Virtual Forwarder Redundancy ............................................................................................. 308

GLBP Gateway Priority ...................................................................................................................... 309

GLBP Gateway Weighting and Tracking ......................................................................................... 309

GLBP Benefits ..................................................................................................................................... 310

Further Reading .................................................................................................................................. 310

Redundancy using IPv6 RS/RA ........................................................................................................ 310

Further Reading .................................................................................................................................. 311

Implement and troubleshoot network time protocol ....................................................................... 311

Further Reading .................................................................................................................................. 312

NTP Authentication ............................................................................................................................. 312

Implement and troubleshoot IPv4 and IPv6 DHCP ....................................................................... 313

DHCP client, IOS DHCP server, DHCP relay ................................................................................ 313

Further Reading .................................................................................................................................. 314

DHCP options ...................................................................................................................................... 315

DHCP protocol operations ................................................................................................................. 315

Further Reading .................................................................................................................................. 315

SLAAC/DHCPv6 interaction .............................................................................................................. 315

DHCPv6 prefix delegation

Further Reading

Implement and troubleshoot IPv4 network address translation

Static NAT, dynamic NAT, policy-based NAT, PAT

Further Reading

NAT ALG

Further Reading

Describe IPv6 network address translation

NAT64

Further Reading

NPTv6

Further Reading

Exam Essentials

Chapter 22: Network Optimization

Implement and troubleshoot IP SLA

ICMP, UDP, Jitter, VoIP

Further Reading

Implement and troubleshoot tracking object

Tracking object, tracking list

Further Reading

Tracking different entities (e.g. interfaces, routes, IPSLA, and such)

Implement and troubleshoot Netflow

Netflow v5, v9

Table 22-1, describes various NetFlow versions and their description

Further Reading

Export (configuration only)

Further Reading

Implement and troubleshoot embedded event manager

EEM policy using applet

Further Reading

Identify performance routing (PfR)

Further Reading

Basic load balancing

Further Reading

Voice optimization

Delay

Jitter

Packet Loss

Mean Opinion Score (MOS)

Further Reading

Exam Essentials

Part 7 Evolving Technologies V1.1

Chapter 23: Cloud

Compare and Contrast Public, Private, Hybrid, and Multi-cloud Design Considerations

Public Cloud

Private Cloud

Virtual Private Cloud (VPC)

Hybrid Cloud

Multi-cloud

Infrastructure as a service (IaaS)

Platform as a service (PaaS)

Software as a Service (SaaS)

Consolidation

Virtualization

Automation

Performance, Scalability, and High Availability

Performance

Scalability and High Availability

Security Implications, Compliance, and Policy

Workload Migration

Describe Cloud Infrastructure and Operations

Compute Virtualization (Containers and Virtual Machines)

Installing Docker

Using Docker Commands

Connectivity (Virtual Switches, SD-WAN and SD-Access)

Virtual Switches

Virtual Machine Device Queues (VMDq)

Single Root IO Virtualization (SR-IOV)

SD-WAN and SD-Access

Cisco SD-WAN Solution (formerly Viptela)

Software-Defined Access (or SD-Access)

Virtualization Functions (NFVI, VNF, and L4/L1)

NFVI and VNFs

Virtual Topology Forwarder (VTF)

Automation and Orchestration Tools (CloudCenter, DNA-center, and Kubernetes)

Cisco CloudCenter Manager and Orchestrator

Cisco DNA Center

Kubernetes

Exam Essentials

Further Reading

Chapter 24: Network Programmability

Describe Architectural and Operational Considerations for a Programmable Network

Data Models and Structures (YANG, JSON and XML)

YANG

YAML

JSON

JSON Example

XML

XML Example

Device Programmability (gRPC, NETCONF and RESTCONF)

gRPC

NETCONF

NETCONF Example

RESTCONF

Using RESTCONF to Retrieve Full Running Configuration

Using RESTCONF to Retrieve Interface Specific Attributes

Controller Based Network Design (Policy Driven Configuration and Northbound/Southbound APIs)

Policy-driven Configuration

Northbound and Southbound APIs

Configuration Management Tools (Agent and Agentless) and Version Control Systems (Git and SVN)

Configuration Management Tools (Agent and Agentless)

Version Control Systems (Git and SVN)

Creating Configuration Change

Building New Configuration

Testing New Configuration

Deploying New Configuration

Exam Essentials

Further Reading

Chapter 25: Internet of Things

Describe Architectural Framework and Deployment Considerations for Internet of Things (IoT)

IoT Technology Stack (IoT Network Hierarchy, Data Acquisition and Flow)

Embedded Systems Layer

Multi-Service Edge (or Access) Layer

Core Network Layer

Data Center Cloud Layer

Data Acquisition and Flow

IoT Standards and Protocols (characteristics within IT and OT environment)

IoT Security (network segmentation, device profiling, and secure remote access)

IoT Edge and Fog Computing (data aggregation and edge intelligence)

Data Aggregation

Edge Intelligence

Exam Essentials

Further Reading

Preface

Congratulations! You have taken your first step towards passing the CCIE R&S 400-101 (V5.1) written exam. This written exam cert guide is specifically geared for CCNP/CCNA certified individuals who want to step up and prepare for the CCIE written exam.

This book is dedicated to all those souls who will never settle for less than they can be, do, share, and give!

What this Exam Cert Guide covers

As you may already have noticed on the "Contents at a Glance" page, this guide has been formatted around Cisco's official CCIE 400-101 (V5.1) exam topics, or curriculum. So as you read through the parts and chapters, you know exactly where you are within your learning journey. All content is covered in enough detail, yet trimmed to exactly what is necessary to pass the exam. Each exam topic has a "Further Reading" section, which I highly recommend you refer to for more in-depth details from the source material.

It is also worth noting that the CCNP/CCNA official exam topics align nicely with the CCIE written blueprint, which makes the CCIE written exam a perfect step up from the Associate/Professional tracks.

| CCIE 400-101 R&S V5.1 Exam Topics | CCNP 300-101 Exam Topics | CCNA 200-101 Exam Topics |
|---|---|---|
| Network Principles | Network Principles | Operations of IP Data Networks; Troubleshooting |
| Layer 2 Technologies | Layer 2 Technologies | LAN Switching Technologies; WAN Technologies |
| Layer 3 Technologies | Layer 3 Technologies | IP Addressing (IPv4/IPv6); IP Routing Technologies |
| VPN Technologies | VPN Technologies | N/A |
| Infrastructure Security | Infrastructure Security | Network Device Security |
| Infrastructure Services | Infrastructure Services | IP Services |
| Evolving Technologies | N/A | N/A |

How to use this Exam Cert Guide

This guide is written as bridging study material for CCNP/CCNA professionals who are studying for the CCIE R&S written 400-101 (V5.1) exam. I strongly suggest taking a methodical approach to exam preparation, i.e. start with a target date when you would like to sit for the actual exam and then work backwards to see what kind of study plan would work for you. I believe you can cover the entire contents within a couple of months, including the practice questions (refer to the website). We strongly suggest that you also use other study resources, in addition to bringing your networking experience to bear, in order to successfully pass the exam.

What's available on the CCIEin8Weeks website

CCIEin8Weeks.com carries the extras that go hand in hand with this exam cert guide to further ensure your exam success!

The website includes:

● Seven practice quizzes (one for each section as per the official curriculum) and one final exam

● Four study plans, to help you track your progress or come up with your own plan

● A CCIE exam community forum, to help you interact with others, share knowledge, find study partners, etc.

● Last but not least, this exam cert guide in printable PDF format

Part 1 Network Principles

Chapter 1: Network Theory

Chapter 2: Network Implementation and Operation

Chapter 3: Network Troubleshooting

Chapter 1: Network Theory

This chapter covers the following exam topics from Cisco's official 400-101 (v5.1) written exam curriculum.

● Basic software architecture differences between classic IOS and IOS XE

● Cisco Express Forwarding (CEF)

● General network challenges (such as unicast flooding, out of order packets, asymmetric routing and impact of microbursts)

● IP operations (such as ICMP unreachable/redirect, IPv4 options, IPv6 extension headers, IPv4/v6 fragmentation, TTL, IP MTU)

● TCP operations (IPv4/IPv6 PMTU, Maximum Segment Size (MSS), Latency, Windowing, BW delay product, global synchronization)

● UDP operations (TCP starvation / UDP dominance, latency, RTP/RTCP concepts)

Describe basic software architecture differences between IOS and IOS XE

Cisco classic IOS has always had a monolithic software architecture, which means that it is both downloaded and run as a single binary image in which all processes share the same memory address space. This monolithic, non-modular architecture provides no memory protection between processes; as a result, software defects in classic IOS code can potentially corrupt data used by other processes. It also has a run-to-completion scheduler, which means that the kernel does not preempt a running process: the process must make a kernel call before other processes can be scheduled and get a chance to run. Since, historically, IOS has served as an operating system as well as providing the key routing infrastructure, there has always been an aspect of Platform Dependent (PD) and Platform Independent (PI) code within IOS.

In all variations of classic Cisco IOS, packet routing and forwarding (switching) are distinct functions. Routing and other protocols run as IOS processes and contribute to the formation of the Routing Information Base (RIB). The RIB is processed to generate the final IP forwarding table (FIB, Forwarding Information Base), which is used by the forwarding function of the router. On router platforms with software-based forwarding (e.g., Cisco 7200 or Cisco ISR G2), most traffic handling is done at interrupt level using Cisco Express Forwarding (CEF). This avoids the process context switching that would otherwise be needed to forward packets. Routing functions such as OSPF or BGP run at the process level. In routers with hardware-based forwarding, such as the Cisco ASR1000 (which runs IOS XE), or the ASR9000, CRS-1 or NCS series (which run IOS XR), IOS computes the FIB in software running on route processor (RP) hardware (typically x86 CPUs) and loads it into the forwarding hardware (such as an ASIC or a network processor), which performs the actual packet forwarding function. IOS XE allows the platform dependent code to be abstracted from a single monolithic image. By moving drivers outside of IOS, IOS XE enables a more purely PI-focused IOS process. This provides a more efficient software delivery model for both the core IOS team and platform developers, since the software can be developed, packaged and released independently.
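The RIB-to-FIB step described above, as an added Python example that is not from the guide or from Cisco code: it picks the best route per prefix, resolves recursive next hops ahead of any traffic, and then forwards by longest-prefix match. The administrative distances are Cisco's defaults, which this page does not list; the routes, interface names and function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Cisco default administrative distances (assumption: not listed on this page).
ADMIN_DISTANCE = {"connected": 0, "static": 1, "ebgp": 20, "ospf": 110, "ibgp": 200}


@dataclass(frozen=True)
class RibRoute:
    prefix: str                # e.g. "192.0.2.0/24"
    protocol: str              # key into ADMIN_DISTANCE
    metric: int
    next_hop: Optional[str]    # None for connected routes
    interface: Optional[str]   # set for connected routes only


@dataclass(frozen=True)
class FibEntry:
    prefix: ipaddress.IPv4Network
    next_hop: Optional[str]    # None means the destination is directly attached
    interface: str


def select_best(rib):
    """Per prefix, keep the route with the lowest (administrative distance, metric)."""
    best = {}
    for route in rib:
        net = ipaddress.ip_network(route.prefix)
        key = (ADMIN_DISTANCE[route.protocol], route.metric)
        if net not in best or key < best[net][0]:
            best[net] = (key, route)
    return {net: route for net, (_, route) in best.items()}


def lookup(table, addr):
    """Longest-prefix match of addr over any dict keyed by network; None if no match."""
    ip = ipaddress.ip_address(addr)
    matches = [net for net in table if ip in net]
    return table[max(matches, key=lambda n: n.prefixlen)] if matches else None


def build_fib(rib, max_depth=8):
    """Resolve every best route down to an egress interface before traffic arrives."""
    best = select_best(rib)
    fib = {}
    for net, route in best.items():
        hop, current, depth = None, route, 0
        # Follow next hops until a connected route (one with an interface) is reached.
        while current is not None and current.interface is None and depth < max_depth:
            hop = current.next_hop
            current = lookup(best, hop)
            depth += 1
        if current is not None and current.interface is not None:
            fib[net] = FibEntry(net, hop, current.interface)
        # Routes whose next hop never resolves are left out of the FIB.
    return fib


# Constructed sample RIB: two connected links, IGP, static and eBGP routes.
SAMPLE_RIB = [
    RibRoute("10.0.0.0/30", "connected", 0, None, "Gi0/0"),
    RibRoute("10.0.1.0/30", "connected", 0, None, "Gi0/1"),
    RibRoute("192.0.2.0/24", "ospf", 20, "10.0.0.2", None),
    RibRoute("198.51.100.0/24", "ospf", 30, "10.0.0.2", None),
    RibRoute("198.51.100.0/24", "static", 0, "10.0.1.2", None),   # beats OSPF on distance
    RibRoute("203.0.113.0/24", "ebgp", 0, "192.0.2.1", None),     # recursive via OSPF
    RibRoute("203.0.113.128/25", "static", 0, "10.0.1.2", None),  # more specific prefix
    RibRoute("172.16.0.0/16", "static", 0, "172.16.0.1", None),   # resolves only via itself
]

if __name__ == "__main__":
    fib = build_fib(SAMPLE_RIB)
    for dst in ("198.51.100.7", "203.0.113.5", "203.0.113.200", "172.16.5.5"):
        print(dst, "->", lookup(fib, dst))
```

The forwarding lookup touches only the precomputed table, which is the property that lets CEF forward at interrupt level or hand the table to forwarding hardware.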

IOS XE is a POSIX-based environment that comes with various open source software for the common drivers, tools and utilities needed to manage the system. In addition to the standard set of off-the-shelf drivers, IOS XE also includes a set of Cisco-specific drivers and associated chassis/platform management modules.

On top of the base operating system (Linux) and drivers, IOS XE provides a comprehensive set of infrastructure modules which define how software is installed, how processes are started and sequenced, and how high-availability (HA) and software upgrades are performed. The core application that runs on top of this new infrastructure is the IOS feature set in the form of the IOS daemon (IOSd). By running Cisco IOS, products reap the benefits of an extensive feature set for routing and switching platforms that has been built into IOS over the last two decades.

Finally, the evolved IOS architecture is specifically designed to accommodate other applications outside of the IOS blob, or IOSd. These applications can be upgraded or restarted independently of IOSd. If an application does require services from IOS, it can integrate with IOS through a set of client libraries called service points. These service points generically extend IOS information and services to outside applications, so that these services are not replicated or managed separately. IOS XE is not a new network “OS” per se; it is rather an incarnation of classic IOS (“IOS”) in which the role of classic IOS is reduced to an application running on top of a Linux kernel. This approach also allows building routing/switching platforms that use a variety of data plane hardware (ASICs or network processors such as Cisco’s QFP or CPP) by way of the abstraction provided between control and data planes.

IOS XE permits the integration of non-IOS applications through the following mechanisms:

● A standard Linux-based environment for hosting applications;

● Extension of IOS functionality into peripheral applications through well-defined APIs exported via Linux shared client libraries;

● A robust management infrastructure called Common Management Enabling Technology (COMET) that allows for CLI, XML, SNMP, and HTTP-based management of integrated applications.

Each Cisco IOS XE Software subpackage provides specific functions for the Cisco ASR 1000 Series router.

Table 1-1 shows the functions of the Cisco IOS XE Software subpackages

| Package | Function |
|---|---|
| RPBase | Provides the operating system software for the route processor |
| RPControl | Controls the control plane processes that interface between Cisco IOS Software and the rest of the platform |
| RPAccess | Provides software required for router access. The non-K9 version of this subpackage is included only in consolidated packages that do not have cryptographic support. The K9 version of this subpackage includes restricted components (Secure Sockets Layer [SSL] and Secure Shell [SSH]); consolidated packages with this subpackage are subject to export controls. |
| RPIOS | Provides the Cisco IOS Software kernel, which is where Cisco IOS Software features are stored and run; each consolidated package has a different RPIOS subpackage |
| ESPBase | Provides the ESP operating system and control processes and the ESP software |
| SIPSPA | Provides the shared port adaptor (SPA) driver and associated field-programmable device (FPD) images |
| SIPBase | Controls the Session Initiation Protocol (SIP) carrier card operating system and control processes |

Control plane and Forwarding plane

IOS XE allows data plane ASICs to be developed outside the IOS instance and programmed against a set of standard APIs, which in turn enforces the separation of control plane and data plane processing. It achieves control plane / data plane separation through the introduction of the Forwarding and Feature Manager (FFM) and its standard interface to the Forwarding Engine Driver (FED). FFM provides a set of APIs to control plane processes. FFM programs the data plane via the FED and maintains forwarding state for the entire system. The FED is the instantiation of the hardware driver for the data plane.

Table 1-2 compares the classic IOS (“IOS”) and IOS XE architectures

| Software Architecture | Classic IOS (“IOS”) | IOS XE |
|---|---|---|
| Monolithic | Yes | No |
| Control and Data Plane separation (Software) | No | Yes |
| Control and Data Plane separation (Hardware) | Platforms that run classic IOS do not have clear separation of control and data plane in hardware | Platforms that run IOS XE do have clear separation of control and data plane hardware |
| Feature parity | All IOS versions contain a singular set of IOS features (e.g., all platforms in the T train, such as Cisco ISR G2 and 7200, contain the same features) | All IOS XE versions contain software that is specific to one or a set of platforms (e.g., IOS XE running on Cisco ASR 900 contains a different feature set than the one running on Cisco ASR1000) |
| Example Platforms | All software-based platforms: Cisco ISRs (3900, 2900, 1900, 8XX), 7200 (end of life) | Cisco ISR 4K; Cisco ASR1000 series (1006, 1004, 1002, 1001) |

Impact to troubleshooting and performances

Significant differences in software architecture lead to significant differences in how you troubleshoot the platforms that run classic IOS versus IOS XE. We can break those differences down into a few larger areas.

Table 1-3 shows a comparison of troubleshooting differences between classic IOS (“IOS”) and IOS XE

| Troubleshooting Area | Classic IOS (“IOS”) | IOS XE |
|---|---|---|
| Methodology | All software-based platforms use a single troubleshooting approach | Different sets of show/debug platform CLIs for control and data planes |
| Command Line Interface (CLI) - show and debug commands | All software-based platforms use a single set of CLIs | Show/debug CLIs can be specific to a given platform (e.g. ASR1000 versus ISR 4451) |
| Files and locations | All software-based platforms use a single set of rules (e.g., crash dumps go to internal bootflash by default). Classic IOS image naming conventions | Can be specific to a given platform (e.g. ASR1000 versus ISR 4451). ASR1000 dumps the SPA driver crashdump on harddisk: by default. Newer software package naming conventions |
| Level of difficulty | Straightforward, an upside of software-based platforms | Complex, a downside or cost of modularity, i.e. clear separation of control and data plane software and hardware leads to more involved troubleshooting |

Identify Cisco express forwarding concepts

Cisco Express Forwarding (CEF) is an advanced Layer 3 IP forwarding technology. CEF optimizes network performance and scalability where networks have large and dynamic traffic patterns, such as the Internet itself.

CEF offers the following benefits:

● Improved performance—CEF is less CPU-intensive than older fast switching. As a

result, more CPU processing power can be dedicated to other layer 3 services such as

quality of service (QoS) and encryption.

● Scalability—CEF offers full switching capacity at each line card or blade when distributed

CEF (dCEF) mode is active.

● Resilience—CEF offers switching consistency and stability in large dynamic networks. In dynamic networks, fast-switched cache entries go through a high level of churn and are frequently invalidated due to routing changes. These changes can cause traffic to be process switched using the routing table, rather than fast switched using the route cache. With CEF, the Forwarding Information Base (FIB) lookup table contains all known routes that exist in the routing table. This eliminates route cache maintenance and, as a result, avoids the suboptimal forwarding scenarios that take place with fast switching or process switching.

CEF uses a FIB to make IP destination prefix-based switching decisions. The FIB is

conceptually similar to a routing table or information base. It maintains a mirror image of the

forwarding information contained in the IP routing table. When routing or topology changes

occur in the network, the IP routing table is updated, and those changes are reflected in the FIB.

The FIB maintains next hop address information based on the information in the IP routing

table.

Hardware-based switching platforms use Content Addressable Memory (CAM) for storing the CEF-related information. These tables are finite and can fill up to exhaustion, which causes forwarding to fall back to software. Catalyst 4500, as an example, can carry up to 128K entries in Supervisor IV/V CAMs. Once those entries are filled up, it switches to software forwarding with an error message “C4K_L3HWFORWARDING-2-FWDCAMFULL”. You can verify CAM table usage with the show platform hardware ip route summary command.

The “show mls cef exception status” command can be used on Catalyst 6500 to check FIB TCAM usage. A switch whose FIB TCAM is full will repeatedly log an error message like the one below:

%MLSCEF-DFC4-7-FIB_EXCEPTION: FIB TCAM exception, Some entries will be software switched

This TCAM exception condition affects connectivity and might result in elevated CPU usage due to software switching.

RIB, FIB, LFIB, Adjacency table

Routing Information Base (RIB)

RIBs (Routing Information Bases) maintain the network topologies and routing tables for each protocol. This would include many routes going to the same destination prefix. A RIB is built on a per-routing-protocol basis, so RIP and OSPF each have their own copy.

Forwarding Information Base (FIB)

The FIB holds the best routes, selected from possibly many routing protocols in the RIBs and pushed down to fast forwarding lookup memory (or just DRAM for software-based platforms) for the best path(s). This is what you see in show ip route command output. There is one copy of the FIB per system for centralized forwarding platforms, or one for each line card in the case of distributed systems.

Label Information Base (LIB)

LIB (Label Information Base) is the software table maintained by IP/MPLS capable routers to

store the details of port and the corresponding MPLS router label to be popped or pushed on

incoming or outgoing MPLS packets respectively. LIB entries are populated from label-

distribution protocols. LIB functions in the control plane of Cisco routers. It is used by the label

distribution protocol for mapping the next hop labels.

The Label Forwarding Information Base (LFIB) is a data structure and way of managing forwarding in which destinations and incoming labels are associated with outgoing interfaces and labels. The forwarding paradigm employed by MPLS is based on the notion of label swapping. When a packet with a label is received by a Label Switching Router (LSR), the switch uses the label as an index in its LFIB to determine the outgoing interface.

Adjacency Tables

Routers or Switches in a network are considered adjacent if they can reach each other with a

single hop across a link layer. In addition to the FIB, CEF uses adjacency tables to prepend

Layer 2 addressing information such as MAC addresses. The adjacency table maintains Layer 2

next-hop addresses for all FIB entries.

Load balancing Hash

In a router, the act of distributing packets across multiple links based on Layer 3 routing information is known as load balancing. If a router discovers multiple paths to a destination, the routing table is updated with multiple entries for that destination.

Router> show ip route
[...]
I 192.168.25.0/24 [115/10] via 192.168.24.6
                  [115/10] via 192.168.24.10
                  [115/10] via 192.168.24.14
[...]

Usually the paths have the same metric; however, there are routing protocols that allow unequal cost (or metric) load balancing. A router learns about the existence of parallel paths through the routing protocols and builds its routing table accordingly.

The number of paths used is limited by the number of entries the given IP routing protocol puts in the routing table. The default in IOS is 4 entries for most routing protocols, with the exception of BGP, where it is one entry (only the best path). The maximum number of paths that can be configured is 6. Cisco IOS supports two primary modes of load balancing: per-destination and per-packet.

Per-Destination load balancing

In per-destination mode, all packets for a given destination are forwarded along the same path. This preserves packet order but may lead to unequal usage of the links. If one host receives the majority of the traffic, all packets will use one link, leaving bandwidth on other links

unused. This is the default load-balancing mode in IOS, using the universal algorithm. The original per-destination algorithm creates a 4-bit hash of the source and destination IP addresses and load balances based on this 16-value (2^4) hash.

Per-Packet load balancing

Per-packet load balancing guarantees equal load across all links; however, packets may arrive out of order at the destination, as differential delay may exist for each link used. In particular, per-packet load balancing can result in unsatisfactory data transmission for video and voice streaming.

Router(config)#ip cef load-sharing algorithm ?
  include-ports  Algorithm that includes Layer 4 ports
  original       Original algorithm
  tunnel         Algorithm for use in tunnel only environments
  universal      Algorithm for use in most environments

The following load-balancing algorithms are provided for use with Cisco Express Forwarding

traffic.

● Original algorithm—The original Cisco Express Forwarding load-balancing algorithm

produces distortions in load sharing across multiple routers because the same algorithm

was used on every router. Depending on your network environment, you should select

either the universal algorithm (default) or the tunnel algorithm instead.

● Universal algorithm—The universal load-balancing algorithm allows each router on the

network to make a different load sharing decision for each source-destination address

pair, which resolves load-sharing imbalances. The router is set to perform universal load

sharing by default.

● Tunnel algorithm—The tunnel algorithm is designed to balance the per-packet load

when only a few source and destination pairs are involved.

● Include-ports algorithm—The include-ports algorithm allows you to use the Layer 4

source and destination ports as part of the load-balancing decision. This method benefits

traffic streams running over equal cost paths that are not load shared because the

majority of the traffic is between peer addresses that use different port numbers, such as

Real-Time Protocol (RTP) streams.

Polarization concept and avoidance

CEF polarization occurs when traffic uses per-destination load balancing and the same algorithm (the default) is used throughout the network, which causes traffic to not be load balanced after the first distribution.

As an example, think of a Layer 3 network with multiple layers or levels, each with a possible path to the right or left. If 100Mbps of traffic comes into a router, it is load balanced 50/50, with 50Mbps to Router-right and 50Mbps to Router-left. However, Router-level1-right and Router-level1-left use the same algorithm to determine which path the traffic will take, and because the algorithm is identical the result is a 100/0 split, with 50Mbps going to Router-level2-right and Router-level2-left and no data going to the other paths. Whenever there is an even number of ECMP paths available, traffic will not be distributed evenly. Levels 1 and 2 represent the router topology from top to bottom.

To counter this issue, a newer algorithm called the universal algorithm was developed, in which a 32-bit value is added to the hashing algorithm. This value can be set manually but defaults to the highest loopback IP on the router. This is based on the concept called unique-ID/universal-ID. The value used by the hash function is known as the universal-ID, a randomly generated value at router or Layer 3 switch boot-up that can be manually controlled. It seeds the hash function on each router with a unique ID, which ensures that the same source/destination pair hashes to a different value on different routers along the path within the network. This process provides better network-wide load sharing and avoids the polarization issue. To configure a custom ID, use the following CLI:

Router(config)#ip cef load-sharing algorithm universal <id>

Another way to avoid polarization would be to alternate between default (Source IP and Destination IP) and full (Source IP + Destination IP + Layer 4 ports) hashing inputs at each layer of the network. Of course, this is not practical in a large network with many layers, some possibly outside the control of the given network administrator.
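The polarization effect and the per-router seed fix can be reproduced with a small simulation. This is an added example, not code from the guide: SHA-256 stands in for the CEF hash (which the guide does not specify), and the router names, seed values and flows are constructed.

```python
import hashlib
import ipaddress
import random
import struct


def pick_path(src, dst, n_paths, seed):
    """Per-destination choice: hash (seed, src, dst), then take it modulo paths.

    SHA-256 is a stand-in; the guide does not give the real CEF hash.
    """
    key = struct.pack("!III", seed, int(src), int(dst))
    digest = hashlib.sha256(key).digest()
    return int.from_bytes(digest[:4], "big") % n_paths


def make_flows(count, rng):
    """Constructed sample traffic: random source/destination address pairs."""
    return [(ipaddress.IPv4Address(rng.getrandbits(32)),
             ipaddress.IPv4Address(rng.getrandbits(32))) for _ in range(count)]


def second_level_split(flows, seeds, n_paths=2):
    """Share of traffic each level-1 router places on each of its uplinks.

    seeds maps router name -> 32-bit value mixed into the hash. Equal seeds
    model every router running the same algorithm; distinct seeds model the
    universal algorithm's per-router ID.
    """
    at_level1 = {f"level1-{i}": [] for i in range(n_paths)}
    for src, dst in flows:
        chosen = pick_path(src, dst, n_paths, seeds["ingress"])
        at_level1[f"level1-{chosen}"].append((src, dst))
    shares = {}
    for router, received in at_level1.items():
        counts = [0] * n_paths
        for src, dst in received:
            counts[pick_path(src, dst, n_paths, seeds[router])] += 1
        total = sum(counts) or 1
        shares[router] = [c / total for c in counts]
    return shares


if __name__ == "__main__":
    flows = make_flows(4000, random.Random(7))
    same = {"ingress": 0, "level1-0": 0, "level1-1": 0}
    unique = {"ingress": 11, "level1-0": 22, "level1-1": 33}
    print("same hash everywhere:", second_level_split(flows, same))
    print("per-router seed:     ", second_level_split(flows, unique))
```

With identical seeds every level-1 router repeats the ingress router's decision, so one of its two uplinks carries nothing; with distinct seeds each router splits its share close to evenly.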

Explain general network challenges

Unicast flooding

Unicast flooding is the unintentional behavior of a switch treating a unicast packet as a broadcast packet: a packet destined for one host is flooded, or transmitted out of all the ports of the switch. The underlying cause of flooding is that the destination MAC address of the packet is not in the L2 forwarding table (there is one for each VLAN) of the switch. The primary reasons for unicast flooding include asymmetric routing, STP topology changes (i.e. repeated TCNs), and MAC forwarding table overflow.

Asymmetric Routing

When communication between two hosts (or endpoints of any type) takes one path on the way out and another on the way in, it is called asymmetric routing. It can also cause packets to arrive out of order if packets that are part of a given flow take different paths. Large amounts of flooded traffic might saturate low-bandwidth links, causing network performance issues or a complete connectivity outage to devices connected across such low-bandwidth links. An example of such a situation could be a topology where there are two switches (ports in two VLANs, say A and B), two routers (doing inter-VLAN routing between A and B) and two hosts, one in VLAN A and one in VLAN B. Since the routers will proxy ARP for the respective hosts, as they are the default gateways, the switches will never be able to learn the actual end hosts' MAC addresses (the router will rewrite them every single time to its own). Switch A and B will continue to flood traffic since they are unaware of the actual host A and host B MAC addresses. The usual solution is to bring the router's ARP timeout and the switches' forwarding table aging time close to each other. This will cause the ARP packets to be broadcast; relearning must occur before the L2 forwarding table entry ages out.

Spanning-Tree Protocol Topology Changes

TCNs are triggered by a port that is transitioning to or from the forwarding state. After the TCN, even if the particular destination MAC address has aged out, flooding should not happen for long in most cases since the address will be relearned. The issue might arise when TCNs occur repeatedly within a short period of time. The switches will constantly be fast-aging their forwarding tables, so flooding will be nearly constant. Typically, a TCN is a rare occurrence in a well-configured network. As said before, when a port on a switch goes up or down, there is eventually a TCN once the STP state of the port changes to or from forwarding. However, when a port is flapping, repetitive TCNs and flooding occur.

The solution approach would be to configure ports with the STP portfast feature and avoid

TCNs when going to or from the forwarding state. Configuration of portfast on all end-device

ports (such as printers, PCs, servers, and so on) should limit TCNs to a low amount.

Forwarding Table Overflow

As mentioned before, another possible but not so common cause of flooding can be overflow of

the switch forwarding table. In this case, new addresses cannot be learned and packets

destined to such addresses are flooded until some space becomes available in the forwarding

table. New addresses will then be learned. Since most modern switches have large enough

forwarding tables to accommodate MAC addresses for most designs, L2 table overflows are

uncommon.

Out of order packets

Using per-packet load balancing to share the traffic load across available paths to a given

destination can lead to out-of-order packets for a given data flow.

Impact of micro burst

Micro-bursting is a phenomenon where rapid bursts of data packets are sent in quick succession, leading to periods of full line-rate transmission that can overflow the packet buffers of the network stack, both in network endpoints and in routers and switches inside the network. Symptoms of microbursts manifest as ignores and/or overruns (also accumulated in the “input error” counter in show interface output). This indicates that the receive ring and corresponding packet buffer are being overwhelmed by data bursts arriving over an extremely short period of time (microseconds). You will never see this as sustained traffic in show interface’s “input rate” counter, because it averages bits per second (bps) over 5 minutes by default (far too long to account for microbursts). A useful analogy is a 3-lane highway merging into a single lane at rush hour: the burst cannot exceed the total available bandwidth (i.e. the single lane), but it can saturate it for a period of time.

In order to troubleshoot microbursts, you need a packet sniffer that can capture traffic over a

long period of time and allow you to analyze it in the form of a graph which displays the

saturation points (packet rate during microbursts versus total available bandwidth). You can

eventually trace it to the source causing the bursts (e.g. stock trading applications). You can

implement large packet buffers to avoid or mitigate microbursts.
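The analysis described above, bucketing a capture into short windows and comparing each window against line rate, can be sketched as follows. This is an added example, not from the guide; the 1 ms window, the 90% threshold, the 1 Gbps link and the capture itself are constructed assumptions.

```python
from collections import defaultdict


def find_microbursts(packets, link_bps, window_us=1000, threshold=0.9):
    """Return (average_bps, bursts) for a capture.

    packets: iterable of (timestamp_us, size_bytes), integer microseconds.
    bursts:  [(window_start_us, bps)] for every window whose rate is at or
             above threshold * link_bps.
    """
    bits_per_window = defaultdict(int)
    for ts_us, size_bytes in packets:
        bits_per_window[ts_us // window_us] += size_bytes * 8
    if not bits_per_window:
        return 0.0, []
    first, last = min(bits_per_window), max(bits_per_window)
    capture_us = (last - first + 1) * window_us
    # Long-interval average, comparable to the "input rate" counter.
    average_bps = sum(bits_per_window.values()) * 1_000_000 / capture_us
    bursts = []
    for window in sorted(bits_per_window):
        bps = bits_per_window[window] * 1_000_000 / window_us
        if bps >= threshold * link_bps:
            bursts.append((window * window_us, bps))
    return average_bps, bursts


def constructed_capture():
    """Constructed sample: ~10 s of light traffic plus two sub-millisecond bursts."""
    packets = [(i * 10_000, 1500) for i in range(1000)]   # one frame per 10 ms
    for start_us in (2_001_000, 7_503_000):
        # 80 back-to-back 1500-byte frames, 12 us apart (wire time at 1 Gbps)
        packets += [(start_us + k * 12, 1500) for k in range(80)]
    return packets


if __name__ == "__main__":
    avg, bursts = find_microbursts(constructed_capture(), link_bps=1_000_000_000)
    print(f"average over capture: {avg / 1e6:.2f} Mbps")
    for start_us, bps in bursts:
        print(f"burst at {start_us} us: {bps / 1e6:.0f} Mbps")
```

The capture averages under 1.5 Mbps on a 1 Gbps link, yet two 1 ms windows run at 96% of line rate, which is the condition that overruns a receive ring without ever showing up in a long-interval rate counter.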

Explain IP operations

ICMP unreachable, redirect

If a router or a layer 3 switch receives a non-broadcast packet destined for itself that uses an

unknown protocol, it sends an ICMP protocol unreachable message back to the source.

Similarly, if the software receives a packet that it is unable to deliver to the ultimate destination

because it knows of no route to the destination address, it will send an ICMP host unreachable

message to the source. This feature is enabled by default.

You can disable it by using the following CLI:

Router(config-if)# no ip unreachables

IPv4 options, IPv6 extension headers

The possible options that can be put in the IPv4 header are as follows:

Table 1-5 shows IP header options and their description

| Field | Size (bits) | Description |
| --- | --- | --- |
| Copied | 1 | Set to 1 if the options need to be copied into all fragments of a fragmented packet. |
| Option Class | 2 | A general options category. 0 is for "control" options, and 2 is for "debugging and measurement". 1, and 3 are reserved. |
| Option Number | 5 | Specifies an option |
| Option Length | 8 | Indicates the size of the entire option (including this field). This field may not exist for simple options |
| Option Data | Variable | Option-specific data. This field may not exist for simple options |
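The field layout in Table 1-5 can be exercised with a small decoder for the options area of an IPv4 header. This is an added example, not from the guide; the sample bytes are constructed, and the option types used in them (Router Alert 0x94, No-Operation 0x01, Timestamp 0x44, End of Option List 0x00) are standard values that the guide itself does not list.

```python
def parse_ipv4_options(options):
    """Decode the options area of an IPv4 header into a list of dicts."""
    parsed, i = [], 0
    while i < len(options):
        opt_type = options[i]
        entry = {
            "copied": opt_type >> 7,           # 1 bit
            "class": (opt_type >> 5) & 0x3,    # 2 bits
            "number": opt_type & 0x1F,         # 5 bits
        }
        if opt_type in (0, 1):
            # End of Option List and No-Operation are simple options:
            # a single byte with no Option Length or Option Data field.
            entry["length"], entry["data"] = 1, b""
            parsed.append(entry)
            if opt_type == 0:
                break                          # anything after EOL is padding
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("option truncated before its length byte")
        length = options[i + 1]
        # Option Length covers the type and length bytes, so it is at least 2
        # and must not run past the end of the options area.
        if length < 2 or i + length > len(options):
            raise ValueError(f"bad option length {length} at offset {i}")
        entry["length"], entry["data"] = length, options[i + 2:i + length]
        parsed.append(entry)
        i += length
    return parsed


# Constructed sample: Router Alert, NOP, Timestamp, EOL, then two padding bytes.
SAMPLE_OPTIONS = bytes.fromhex("94040000" "01" "4408050000000000" "000000")

if __name__ == "__main__":
    for opt in parse_ipv4_options(SAMPLE_OPTIONS):
        print(opt)
```

Rejecting a length below 2 or past the end of the header matters in practice: a parser that trusts the length byte either loops forever on 0 or reads beyond the options area.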

IPv6 uses two distinct types of headers:

● Main/Regular IPv6 Header

● IPv6 Extension Headers

The main IPv6 header is equivalent to the basic IPv4 one despite some field differences that are

the result of lessons learned from operating IPv4.

Table 1-6, IPv6 Extension Headers and their Recommended Order in a Packet

| Order | Header Type | Next Header Code |
| --- | --- | --- |
| 1 | Basic IPv6 Header | - |
| 2 | Hop-by-Hop Options | 0 |
| 3 | Destination Options (with Routing Options) | 60 |
| 4 | Routing Header | 43 |
| 5 | Fragment Header | 44 |
| 6 | Authentication Header | 51 |
| 7 | Encapsulation Security Payload Header | 50 |
| 8 | Destination Options | 60 |
| 9 | Mobility Header | 135 |
| | No next header | 59 |
| Upper Layer | TCP | 6 |
| Upper Layer | UDP | 17 |
| Upper Layer | ICMPv6 | 58 |

Extension headers are an intrinsic part of the IPv6 protocol and they support some basic

functions and certain services. The following is a list of situations where EHs are commonly

used:

● Hop-by-Hop EH is used for the support of jumbograms or, with the Router Alert option, it is an integral part in the operation of Multicast Listener Discovery (MLD). Router Alert is an integral part in the operations of IPv6 Multicast (through MLD) and RSVP for IPv6.

● Destination EH is used in IPv6 Mobility as well as support of certain applications.

● Routing EH is used in IPv6 Mobility and in Source Routing. It may be necessary to

disable ipv6 source routing using ipv6 source-route command on routers to protect

against DDoS.

● Fragmentation EH is critical in support of communication using fragmented packets (in IPv6, the traffic source must do fragmentation; routers do not perform fragmentation of the packets they forward)

● Mobility EH is used in support of Mobile IPv6 service

● Authentication EH is similar in format and use to the IPv4 authentication header

● Encapsulating Security Payload EH is similar in format and use to the IPv4 ESP header.

All information following the Encapsulating Security Header (ESH) is encrypted and

obfuscated and for that reason, it is invisible to intermediary network devices.
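A filtering or monitoring device has to walk the Next Header chain from Table 1-6 before it can see the upper-layer protocol. The following added example (not from the guide) does that walk, checks the recommended order, flags a type 0 Routing header and stops at ESP; the finding messages and the sample packets are constructed.

```python
import struct

# Next Header codes and recommended positions, from Table 1-6.
NAMES = {0: "Hop-by-Hop", 60: "Destination Options", 43: "Routing",
         44: "Fragment", 51: "Authentication", 50: "ESP", 135: "Mobility",
         59: "No Next Header", 6: "TCP", 17: "UDP", 58: "ICMPv6"}
RANK = {0: 2, 43: 4, 44: 5, 51: 6, 50: 7, 135: 9}
EXTENSION = {0, 60, 43, 44, 51, 50, 135}


def walk_ipv6_chain(packet):
    """Follow the Next Header chain; return (header names, findings)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, offset = packet[6], 40
    chain, findings, last_rank = [], [], 1
    while nxt in EXTENSION:
        name = NAMES[nxt]
        chain.append(name)
        # Destination Options is valid before Routing (3) or last (8).
        rank = RANK.get(nxt) or (3 if last_rank < 3 else 8)
        if rank <= last_rank:
            findings.append(f"{name} out of recommended order")
        last_rank = max(last_rank, rank)
        if nxt == 50:
            # Data after the ESP header is encrypted, so parsing stops here.
            return chain, findings
        if offset + 8 > len(packet):
            findings.append(f"{name} truncated")
            return chain, findings
        if nxt == 44:
            length = 8                               # Fragment: fixed size
        elif nxt == 51:
            length = (packet[offset + 1] + 2) * 4    # AH counts 4-byte words
        else:
            length = (packet[offset + 1] + 1) * 8    # Hdr Ext Len, 8-byte units
        if offset + length > len(packet):
            findings.append(f"{name} truncated")
            return chain, findings
        if nxt == 43 and packet[offset + 2] == 0:
            findings.append("Routing header type 0 (source routing)")
        nxt, offset = packet[offset], offset + length
    chain.append(NAMES.get(nxt, f"protocol {nxt}"))
    return chain, findings


def build(first_nh, *parts):
    """Constructed sample packet: 40-byte base header with zero addresses."""
    body = b"".join(parts)
    return struct.pack("!IHBB", 6 << 28, len(body), first_nh, 64) + bytes(32) + body


def ext(next_header, *rest):
    """Constructed 8-byte extension header with Hdr Ext Len 0."""
    return bytes([next_header, 0, *rest]).ljust(8, b"\x00")


ORDERED = build(0, ext(60), ext(44), ext(6), bytes(20))
SOURCE_ROUTED = build(43, ext(0, 0), ext(17), bytes(8))
ENCRYPTED = build(50, bytes(16))
CUT_SHORT = build(0, bytes([6, 3]) + bytes(6))   # claims 32 bytes, carries 8
```

The ENCRYPTED case returns only "ESP": as the last bullet above says, an intermediary cannot classify what follows, so policy for such traffic has to be decided on the outer headers alone.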